Lucene search
K

237 matches found

ATTACKERKB
ATTACKERKB
added 2025/06/13 8:15 a.m.6 views

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS5.9AI score0.00982EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/06/13 8:15 a.m.4 views

UBUNTU-CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS5.9AI score0.00982EPSS
Exploits0References4
Snyk
Snyk
added 2025/06/13 7:43 a.m.3 views

Directory Traversal

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

6.7CVSS7.8AI score0.00266EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.8 views

CVE-2025-22238

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...

4.2CVSS7.2AI score0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 7:10 a.m.42 views

CVE-2024-38824 CVE-2024-38824 salt advisory

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS0.00982EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 7:10 a.m.165 views

CVE-2024-38824

CVE-2024-38824 is a directory traversal vulnerability in the recv_file method that allows writing arbitrary files into the Salt master cache directory. Public references in multiple advisories (SUSE openSUSE/SUSE-SU-2025-02501/-02492/-02476, SUSE-2025-02492, -02500, -02502) confirm the flaw affec...

9.6CVSS9.3AI score0.00982EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/06/13 7:10 a.m.6 views

CVE-2024-38824 CVE-2024-38824 salt advisory

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.1AI score0.00982EPSS
Exploits0References4
CVE
CVE
added 2025/06/13 6:58 a.m.70 views

CVE-2025-22238

CVE-2025-22238 describes a directory traversal vulnerability in Salt’s master cache handling, where the master’s default cache could be written to or overwritten outside the intended cache directory via the minion file cache creation. Connected sources confirm the issue is real in Salt deployment...

4.2CVSS4.4AI score0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 6:58 a.m.34 views

CVE-2025-22238 CVE-2025-22238 salt advisory

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...

4.2CVSS0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.4 views

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a directory traversal attack in minion file cache creation, which could result in writing or overwriting fil...

4.2CVSS6.7AI score0.00266EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.7 views

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a directory traversal that could result in arbitrary files being written to the main cache directory...

9.6CVSS6.7AI score0.00982EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/14 5:28 a.m.5 views

SUSE CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

5CVSS5.4AI score0.00693EPSS
Exploits0References18
Snyk
Snyk
added 2025/02/10 7:40 p.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to insecure initialization of the DEFAULTCACHEDIR in app.py, using of user input...

8.7CVSS6.8AI score0.00501EPSS
Exploits1References2
Veracode
Veracode
added 2025/02/03 6:27 a.m.7 views

Improper Access Control

snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks due to an attacker with write access to the local cache directory being able to bypass temporary credential cache restrictions...

5.5CVSS6.5AI score0.00143EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/01/29 6:42 p.m.12 views

GHSA-XFHV-WQJ6-RX99 snowflake-sdk may incorrectly validate temporary credential cache file permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...

4.4CVSS4.7AI score0.00143EPSS
Exploits0References4
OSV
OSV
added 2024/12/12 12:50 p.m.6 views

SUSE-SU-2024:4303-1 Security update for buildah

This update for buildah fixes the following issues: Security issues fixed: - CVE-2024-9675: cache arbitrary directory mount bsc1231499 - CVE-2024-9407: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208 - CVE-2024-9676: symlink traversal...

8.2CVSS7.3AI score0.01345EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/11/11 1:34 a.m.2 views

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/30 7:52 p.m.3 views

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2024/10/18 1:15 p.m.2 views

Security update for buildah

This update for buildah fixes the following issues: CVE-2024-9675: Fixed arbitrary cache directory mount bsc1231499 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...

4.8CVSS8.2AI score0.00392EPSS
Exploits0References4
Veracode
Veracode
added 2024/10/15 7:47 a.m.6 views

Path Traversal

github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...

7.8CVSS7.6AI score0.00392EPSS
Exploits0References28Affected Software3
Rows per page
Query Builder